Archive for February, 2017

« Older Entries
Newer Entries »

BREAKING: Microsoft Holding Off On Today’s Patch Tuesday Release

Posted in Commentary with tags on February 14, 2017 by itnerd

Today is Patch Tuesday. That’s the day that Microsoft releases updates and fixes that ensure that all your Microsoft software won’t get pwned by hackers. Oh yeah, some bugs might also get fixed along the way. But if you’re responsible for deploying these updates in your company, you likely have the rest of the afternoon off based on this:

Our top priority is to provide the best possible experience for customers in maintaining and protecting their systems. This month, we discovered a last minute issue that could impact some customers and was not resolved in time for our planned updates today.

After considering all options, we made the decision to delay this month’s updates. We apologize for any inconvenience caused by this change to the existing plan.

Interesting. There’s no word on when any updates that were planned to be released today will actually be released. But you have to assume that something major happened for Microsoft to take this step as it is not only highly unusual, it’s never happened before.

UPDATE: Microsoft says any patches that were due to be released will come out on March 14, 2017.

1 Comment »

Guest Post: NordVPN Discusses Invasive Cross-Device Tracking by Advertisers and How to Protect One’s Privacy

Posted in Commentary with tags on February 14, 2017 by itnerd

One could imagine Internet users understand they are being tracked by advertisers as soon as they go online: the ad for some recently Googled product suddenly reappears on every Internet page visited. However, a new study shows that the majority of consumers do not realize their private data is being sold to advertising networks and third-party entities in order to provide them with targeted ads.

When people find out they are constantly followed and monitored, many start worrying about their privacy.  And while it’s understandable that advertisers need to use technology to reach the people that might be interested in their products, the problem is that consumers are most often not informed about what kind of information is being collected about them.

Moreover, advertisers are using cross-device tracking, which raises additional privacy and security risks. In cross-device tracking, ad companies and publishers try to build a consumer’s profile based on their activity throughout computers, tablets, smartphones, smart watches and various IoT devices. Online and offline factors are often combined: such as browsing history with physical location, retail purchases with watched TV programs, commute to work and vacation travel and so on.

Basically, most Internet users are tracked from the moment they wake up till they go to sleep through the variety of devices and physical locations revealed by their GPS coordinates.

Why hidden online tracking might be dangerous

There are a few issues when one is unknowingly tracked by advertising companies. 

First of all, it’s an invasion of Internet user’s privacy – whenever the users have not given their consent. For example, one family member might be browsing “privately” on their smartphone, but the rest of the family might see ads on their home computer related to the other person’s mobile browsing history. Or, worse yet, a woman who has suffered the trauma of miscarriage is often still persecuted by pregnancy ads, following her from once-visited pregnancy sites.

There is also the security issue. The collection of unfathomable amounts of data about people’s interests and habits can fall into the wrong hands. If such data landed in the hands of someone with malintent, the Internet user’s information could then be used to steal their identity, access bank accounts or medical records.

While some advertising companies already offer the ability to opt-out from behavioral targeting, most often Internet users are not given an explanation/disclaimer about how they are being tracked.

How can Internet users avoid being tracked by advertisers

Not surprisingly, when an Internet user learns about the amount of information that advertisers are collecting on their daily activities, they may get scared and wish to protect their privacy. There are a few methods that can be easily implemented by anyone who is using the Internet:

1. Ad-blockers. Ad blocking software provides Internet users with a list of third-party trackers, and users can choose to allow some sites to track them or they can choose to block them. For example, AdBlock Plus effectively blocks banner ads, pop-up ads, and other types of ads. It disables third-party tracking cookies and scripts.

2. Deleting cookies. Internet users may be tracked by many different entities: ISPs (Internet Service Providers), ad networks, publishers and other third parties. One of the most common ways to track online behaviour is through cookies – small pieces of code that are downloaded into a user’s browser when they visit a website. When a user visits that website again, this will be recorded through the cookie, and targeted ads can be directed towards that person. Users need to regularly clear their browsing data in order to get rid of all the cookies. Fortunately, websites in the U.S. and Europe, now have to declare that their page is collecting cookies. 

2. VPNs. A VPN encrypts the data between a user’s device and the VPN server, and is the safest security mechanism to ensure the Internet browsing history remains confidential. NordVPN has a reputation of focusing on privacy, security and having a zero logs policy, and is fast and easy to use. The developers at NordVPN have launched powerful apps for Mac, Android, iOS and Windows that are also intuitive and good-looking. The apps reroute and encrypt all Internet traffic by hiding a user’s IP address. Once Internet traffic is encrypted and real IP address is hidden, it becomes difficult to track this person.  As an added benefit, VPN users can also access geo-blocked content online.

3. Browser add-ons. Anti-tracking and anti-cookie extensions are one of the best ways to stay private. For example, Disconnect Private Browsing protects from tracking and malware. It blocks third party cookies and from tracking by social networks like Facebook, Google, and Twitter. Another advisable option is Privacy Badger by the non-profit Electronic Frontier Foundation.

Before ad companies figure out a fair way of informing consumers about their intent and giving a choice about which information can be tracked, users who wish to stay private should be proactive and take care of their own online privacy and security.

1 Comment »

In Depth: Rolling Out BYOD In Your Company

Posted in Commentary with tags on February 14, 2017 by itnerd

BYOD or Bring Your Own Device is a trend in businesses everywhere, and the struggle to roll it out properly to  employees is real. There are so many factors to consider from how to support smartphones, tablets, and laptops, to how to manage them. It can be very overwhelming to the people tasked with implementing BYOD. To help those people out, I connected to Ching Mac of Citrix Canada to get his advice on rolling out BYOD. The advantage of going to Citrix Canada to talk about BYOD is that they themselves have an excellent BYOD policy that allows their employees to use whatever device or devices that work for them and they cover part of the cost. Thus they talk the talk and walk the walk on the BYOD front using their own suite of products. That makes them uniquely qualified to speak to the subject.

First of all, why go the BYOD route? There are many reasons. It increases productivity and employee satisfaction. That’s because you now have an employee that is using the device or devices that they feel will make them most productive. It can save the company money and allow the employee to work anywhere. The latter item being a huge point as that can tie into the employee being more productive. Finally, a key point is that it stops “shadow IT” from popping up in your company. That’s when employees do everything possible to do what they want and avoid corporate IT in the process.

Now, what do you have to keep in mind when you come up with a BYOD policy for your company? One thing to keep in mind is that a successful BYOD policy will touch many areas of the business. Finance, HR, IT just to name three. This will help you do things like define who is eligible to take part as not every employee can or should be part of this. Or which devices are allowed? What corporate services are available to you on a BYOD device? Plus making sure that every employe understands what the policy is. Finally there’s the issues of who’s paying for what, and the IT security considerations that may affect a BYOD policy. If you’re a heavily regulated environment such as health care, that can be a major consideration as data leakage can be “career limiting.” Not to mention what the implications of a lost or stolen device, or using a device on an unsecured network. All of these need to be thought through before rolling out a BYOD policy.

Can a BYOD policy be platform agnostic? That’s an issue as there are some businesses who for example won’t support an Apple product and force users down the path of Windows or Android for example. Properly structured, it can be platform agnostic. If you take offerings for Citrix as an example be it their Xen Mobile or Citrix receiver for example, they support every plaform out there with a similar look and field. Thus users truly have a choice in terms of what device to use without placing an undue burden on IT.

For more infomation on this important topic, Citrix has a great white paper that is full of all sorts of information that businesses need to know when going down this path. In my mind, businesses cannot affort not to look at BYOD. Despite the fact that there’s a lot to consider, BYOD can be a positive for an employer if it is properly implemented.

 

Leave a comment »

#Fail: Apple Suspends Sales Of LG’s UltraFine 5K Monitor Over WiFi Interference Issues

Posted in Commentary with tags on February 13, 2017 by itnerd

After reports of the Apple recommended LG UltraFine 5K monitor having issues when placed near WiFi access points, and reports of a fix being inbound, we now have this ebarrasing situation for Apple. According to AppleInsider, sales of this monitor have been halted:

Separately, AppleInsider has confirmed the organized removal from sale of the Thunderbolt 3 display. Sources inside Apple not authorized to speak on behalf of the company indicated that retail locations are retaining demonstration displays, but not selling any stock on-hand that it may receive that may actually have the shielding fix, nor filling any pending orders until otherwise informed.

This is now an #EpicFail for Apple. They exited the monitor business and got LG to build a monitor for them which has promptly proven to be unusable in a use case that a lot of people, myself included, would use the monitor in. You have to wonder what conversations are going on at 1 Infinite Loop right now. After all, it is not as if users of the new MacBook Pro have many other options for a monitor that’s well suited for their shiny new notebook from Apple.

Leave a comment »

Canadian IT Departments Find It Hard to Keep the Cloud Safe: Intel Security

Posted in Commentary with tags on February 13, 2017 by itnerd

Intel Security today announced its second annual cloud security report, “Building Trust in a Cloudy Sky.” The report outlines the current state of cloud adoption, the primary concerns with private and public cloud services, security implications, and the evolving impact of Shadow IT of the more than 2,000 IT professionals from around the world surveyed.

Trust in the Cloud on the Rise 

The trust and perception of public cloud services continues to improve year over year. Most organizations view cloud services as, or more, secure than private clouds, and more likely to deliver lower costs of ownership and overall data visibility. Those who trust public clouds now outnumber those who distrust public clouds by more than 2-to-1. Improved trust and perception, as well as increased understanding of the risks by senior management, is encouraging more organizations to store sensitive data in the public cloud. Personal customer information is the most likely type of data to be stored in public clouds, kept there by 64 per cent of Canadian organizations surveyed.

Risks Also Rise: Shadow IT and the Cybersecurity Skill Shortage

The ongoing shortage of security skills is continuing to affect cloud deployments. Half of the Canadian organizations surveyed report the lack of cybersecurity skills has slowed adoption or usage of cloud services, possibly contributing to the increase in Shadow IT activities. Another 35 per cent report they are experiencing a scarcity but are continuing with their cloud activities regardless. Only 15 per cent of those surveyed state they do not have a skills shortage.

Due to the ease of procurement, almost 40 per cent of cloud services are now commissioned without the involvement of IT, and unfortunately, visibility of these Shadow IT services has dropped from about 50 per cent last year to just under 47 per cent this year. As a result, 60 per cent of Canadian IT professionals think this phenomenon is interfering with their ability to keep the cloud safe and secure. This is not surprising given the amount of sensitive data now being stored in the public cloud and more than half (52 per cent) of Canadian respondents reported they have definitively tracked malware from a cloud SaaS application.

Data Centre Progression

The number of organizations globally using private cloud only has dropped from 51 per cent to 24 per cent over the past year, while hybrid cloud use has increased from 19 per cent to 57 per cent. This move to a hybrid private/public cloud architecture requires the data centre to evolve to a highly virtualized, cloud-based infrastructure. On average, 52 per cent of an organization’s data centre servers are virtualized, 80 per cent are using containers and most expect to have the conversion to a fully software-defined data centre completed within two years.

Recommendations:

  • Attackers will look for the easiest targets, regardless of whether they are public, private or hybrid. Integrated or unified security solutions that provide visibility across all of the organization’s services could be the best defense.
  • User credentials, especially for administrators, will be the most likely form of attack. Organizations need to ensure they are using authentication best practices, such as distinct passwords, multi-factor authentication and even biometrics where available.
  • Security technologies such as data loss prevention, encryption and cloud access security brokers (CASBs) remain underutilized. Integrating these tools with an existing security system increases visibility, enables discovery of shadow services, and provides options for automatic protection of sensitive data at rest and in motion throughout any type of environment.
  • Organizations need to evolve toward a risk management and mitigation approach to information security. They should consider adopting a Cloud First strategy to encourage adoption of cloud services to reduce costs and increase flexibility, and put security operations in a proactive position instead of a reactive one.

Survey Methodology

In fall 2016, Intel Security surveyed over 2,000 IT professionals across a broad set of industries, countries and organization sizes. Research participants were senior technical decision-makers from small, medium and large organizations located in Australia, Brazil, Canada, France, Germany, Japan, Mexico, Saudi Arabia, Singapore, the United Arab Emirates, the United Kingdom and the United States.

To download the full report, visit www.mcafee.com/ca/solutions/lp/cloud-security-report.html.

 

Leave a comment »

Infographic: Quantum Computer, Encryption Wars, & The End Of Privacy

Posted in Commentary on February 13, 2017 by itnerd

quantum-computers.jpg

Source: whoishostingthis.com

Leave a comment »

Guest Post: Hospital software enhances patient care after discharge

Posted in Commentary with tags on February 13, 2017 by itnerd

By Caleb Radford

AN ONLINE personal care platform from Down Under is working with a US medical centre to tap into the North American market.

Personify Care is a med-tech startup from South Australia that helps patients stay connected with clinicians before and after their hospital release.

The web-based system helps hospital staff detect complications early by creating more efficient communication between patient and nurse, allowing them to intervene before a condition escalates.

Personify Care is one of 25 companies from around the world selected for the Texas Medical Center (TMC) Innovation Institutes accelerator program in Houston.

The program pairs the resources of the medical centre with the innovative horsepower of entrepreneurs working in the areas of digital health and medical devices.

Personify Care CTO Ivan Peevski said the program would not eliminate face-to-face interaction with doctors and nurses but it made communication more convenient.

“Right now they get paper forms with all the information and it’s long – people don’t always read through the whole thing or they can feel overwhelmed by it all,” he said.

“Personify Care sends all the forms to patients so they have it wherever they are and are able to ask follow up questions after they leave, which they might not have done without this.

“Where most programs mostly focus on pre-recovery, we are focusing more on the post recovery, so when you get out of hospital and you are not really sure what you should be doing, we follow up and catch any early indication that something might be wrong.”

Discharged patients receive regular text messages from their nurse over a six to eight week period with information about their recovery and assessments that monitor the risks associated with a complication.

All of the information and forms are accessible through any computer, tablet or smart mobile device.

The global patient engagement market is estimated to reach US$16.39 Billion by 2020 from USD 6.68 Billion in 2015, at a compound annual growth rate of almost 20 per cent according to Markets and Markets.

Peevski said expanding into the global market was always the company’s goal.

“The system is something we believe is applicable to any market worldwide and we hope it will help more people stay connected with their hospitals.”

The system underwent trials at St Andrews Hospital in South Australia’s capital Adelaide over a four-month period last year.

It was used to contact each patient 17 times (an eight-fold increase) and provided ongoing visibility of patient progress across seven weeks, without increasing nurse workload.

Patients received information and follow up via the Personify Care platform their computer, tablet or mobile device, which resulted in a 95.8 per cent response rate. It also resulted in early detection of additional patient risks in one-in-five cases.

St Andrew’s CEO Stephen Walker said the hospital was delighted to be rolling out the Personify Care service in collaboration with health insurance provider BUPA across all speciality areas.

“Our experience has been that by using the Personify Care platform we have been able to improve patients’ experience of care, identify potential risks early and more effectively target interventions if required,” he said.

The hospital has since announced a hospital-wide rollout of the program.

Personify Care plans to expand further into the US market off the back of its collaboration with TMC in Houston.

Leave a comment »

AVANT Secure PC To Be Launched On Indiegogo

Posted in Commentary with tags on February 12, 2017 by itnerd

AVANT Secure PC offers world’s first hardware-only secure PC with no anti-virus software needed to combat the growing threat of computer hacking

While anti-virus software has been around for years, with varying levels of success, alternative and improved approaches to computer security have been surprisingly slow to emerge.

However, AVANT Secure PC, with the launch of its funding campaign on Indiegogo February 28th 2017, changes this radically as it now becomes the first secure PC manufacturer. Rather than relying on software and updates, AVANT meets the growing worldwide virus threat at the hardware level, allowing purchasers to take back power over their computer’s performance without start-up times slowing gradually over years of use.

The new technology is straightforward. When the 2048-bit authentication key is inserted into the device, any operating system and program file changes can still be made. However, when it’s not inserted, no permanent changes can be made to the computer. Therefore, it’s the same computer each time the machine is restarted.

AVANT Secure PC technology was originally developed and marketed only to the government to protect critical infrastructure. While the product is suited for the country’s electrical grid, banks, educational institutions, medical facilities and government offices, it’s now also available to general consumers, too, who are in need of security.

Here’s a video of AVANT Secure PC in action:

 

Leave a comment »

Hyundai Sonata Owners In Canada Find A Way To Get Android Auto & Apple CarPlay On Their Vehicles

Posted in Commentary with tags on February 10, 2017 by itnerd

One of the things that I have wondered for a while now is when some enterprising owner of a Hyundai vehicle in Canada was going to find a way to get a update to their infotainment system that gives them Android Auto and Apple CarPlay. As those who have followed this story know, MnSOFT who is responsible for these updates has a paid update for 2016 Tucson and Elantra GT owners, and Hyundai Canadaonly has updates for a handful of 2017 vehicles.

Today appears to be that day.

I got tipped off by a reader of this blog today that a Canadian has posted instructions on the Hyundai Forums on how to take what appears to me to be a Hyundai supplied update file (as the location that is in the thread on Hyundai Forums is hosted on a server with a Hyundai domain) and make it work on the Canadian version of the Hyundai Sonata. Now it goes without saying that this is completely unsupported by Hyundai Canada and if you brick your cars infotainment system, it’s totally on you and your wallet. But reading through the instructions, I believe that this is likely to open the floodgates for owners of other Hyundai vehicles in Canada. Not to mention people in other geographies such as Australia who have been clamoring for an update like this. I say that because I read through the instructions, and for a reasonably tech savvy person this the process to make this work isn’t really difficult. Thus if you assume that the rest of Hyundai’s lineup works the same way, you should expect to see similar updates start to appear for other Hyundai Canada vehicles really soon now.

The other thing this does is it will likely create another optics issue for Hyundai Canada to deal with. I say that because even though what has been done here is completely unsupported, it as I mentioned before doesn’t appear to have been difficult to do. So you can fully expect people to accuse them of a variety of things in regards to not being able to bring updates like this to their customers. Thus if I were them, I’d be working on some talking points to cover off the fact that this update is unsupported and the fact that it appears to be really easy to do.

14 Comments »

WhatsApp Now Has Two Step Verification

Posted in Commentary with tags on February 10, 2017 by itnerd

WhatsApp is rolling out a two-step verification feature starting today. This feature will allow users to securely verify their number with a custom-generated six-digit passcode whenever they install the app on a new device.

To enable this feature, do the following:

  • Open the app
  • Tap Settings
  • Tap Account
  • Tap Two-step verification
  • Tap Enable

You will then be asked if you want to enter your email address. This is used by WhatsApp to send a link via email to disable two-step verification in case the six-digit passcode is forgotten, and also to help safeguard the account. But to help you remember the passcode, you’ll be asked for it from time to time and you can’t opt out of that.

2 Comments »

« Older Entries
Newer Entries »